Workfront is changing the way we manage users and passwords. The enhanced authentication experience will release in a phased approach. The end result will be a consistent and more secure sign-in experience across all Workfront products and services.
- Authentication Functionality Comparison
- Configuring and Managing the Enhanced Authentication Experience for Your Organization as the Workfront Administrator
- Logging In to Workfront with the Enhanced Authentication Configured
- Using Legacy Authentication (for Organizations Not Yet Migrated to the Enhanced Authentication Experience)
Authentication Functionality Comparison
The following table provides details about current and future functionality:
| Feature | Current Authentication | Enhanced Authentication |
|---|---|---|
| Login options | | |
| Enable a single username to be used for all Workfront products and services, including training, support, and others | Not available | Planned for future |
| Allow using the same email address across Workfront instances | Not available | Planned for future |
| Email addresses are case-sensitive | ✓ | Not planned. Multiple users cannot have the same email address if the address differs only by case. |
| Password management options | | |
| Instigate a password reset email for a user as the Workfront administrator | Not available | ✓ |
| Set a temporary password for a user as the Workfront administrator | ✓ | Not planned. This functionality is not a security best practice. |
| Password policy requirements | | |
| Require users to reset passwords after a certain timeframe | ✓ | Not planned. This functionality is not a security best practice. |
| Restrict users from using a previous password | ✓ | Not planned |
| Safeguard against incorrect password entry attempts | ✓ Locks the account after a certain number of incorrect password entry attempts as configured by the Workfront administrator | Planned for future. Wait time is exponentially increased after each successive incorrect password based on industry best practices; the time required is not configurable by the Workfront administrator. |
| Require a mix of lowercase, uppercase, numbers, and special characters | ✓ | ✓ Enhanced flexibility in choosing specific requirements |
| Set a minimum password length | Not available | ✓ |
| Single Sign-On Protocol support | | |
| Supports SSO integrations that are compliant with Active Directory and LDAP protocols | ✓ | Not planned |
| Supports SSO protocols that are compliant with SAML 2.0 | ✓ | ✓ |
| Configure the Workfront login page to always redirect to the identity provider login page | Not available | ✓ |
| Environment support | | |
| Available for Production environments | ✓ | ✓ |
| Available for Preview and Sandbox environments | ✓ | Planned for future |
Configuring and Managing the Enhanced Authentication Experience for Your Organization as the Workfront Administrator
If you cannot complete the steps described in this section, your organization has not yet been migrated to the Enhanced authentication experience. The migration is happening as a phased rollout, and you will be notified prior to your organization being migrated. Until then, follow the steps in Using Legacy Authentication (for Organizations Not Yet Migrated to the Enhanced Authentication Experience).
The following sections describe how to configure and manage the enhanced authentication experience:
- Changing Matching Emails
- Configuring Your Email System to Allow Emails for Enhanced Authentication
- Configuring Password Policies for Enhanced Authentication
- Updating SAML 2.0 Metadata in Your Identity Provider
- Configuring the Enhanced Authentication Experience for Your Organization as the Workfront administrator
- Resetting Passwords for Users as the Workfront Administrator
- Resetting Your Administrator Password
Changing Matching Emails
When using the enhanced authentication experience, an email address can be used in the same customer account only once (even with different uppercase and lowercase combinations). You must change any matching emails before your organization is migrated.
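One way to find matching emails before migration is to run a case-insensitive comparison over a user list. The script below is an added example, not Workfront code; it assumes a CSV export with hypothetical `ID`, `Name` and `Email` columns, and the sample data is constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names are assumptions, not a Workfront format.
SAMPLE_EXPORT = """ID,Name,Email
1001,Ana Ruiz,ana.ruiz@example.com
1002,Ana Ruiz (contractor),Ana.Ruiz@Example.com
1003,Ben Cole,ben.cole@example.com
1004,Shared Mailbox, ANA.RUIZ@EXAMPLE.COM
1005,Dee Park,
"""


def normalize(email):
    """Comparison key: surrounding whitespace removed, case folded."""
    return email.strip().casefold()


def load_rows(text):
    """Parse the CSV text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def find_matching_emails(rows, email_field="Email"):
    """Return {normalized_email: [rows]} for addresses used by more than one user."""
    groups = defaultdict(list)
    for row in rows:
        key = normalize(row.get(email_field) or "")
        if key:  # blank addresses cannot collide; they are reported separately
            groups[key].append(row)
    return {key: users for key, users in groups.items() if len(users) > 1}


def find_missing_emails(rows, email_field="Email"):
    """Users with no address; the page notes a valid email is needed to retrieve a password."""
    return [row for row in rows if not (row.get(email_field) or "").strip()]


if __name__ == "__main__":
    rows = load_rows(SAMPLE_EXPORT)
    for email, users in find_matching_emails(rows).items():
        ids = ", ".join(f"{u['ID']} ({u['Email'].strip()})" for u in users)
        print(f"matching email {email}: {ids}")
    for user in find_missing_emails(rows):
        print(f"no email address: {user['ID']} {user['Name']}")
```

Each reported group needs all but one of its users changed to a distinct address before the organization is migrated.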
Configuring Your Email System to Allow Emails for Enhanced Authentication
You should configure your email system to allow emails from the following email address:
no-reply@verificationemail.com
This is the email address Workfront uses to send emails to users for the following purposes:
- The confirmation email when resetting the password for the enhanced authentication experience, as described in "Logging In to Workfront with the Enhanced Authentication Experience Configured."
- The welcome email that is sent after the user successfully configures the enhanced authentication experience.
If you do not configure your email system to allow emails from this address, these important emails might go to the user's spam folder.
Configuring Password Policies for Enhanced Authentication
For information about how to configure password policies for the enhanced authentication experience, see "Configuring Enhanced Authentication" in the article "Configuring Password Policies for Authentication."
Updating SAML 2.0 Metadata in Your Identity Provider
For information about configuring SAML 2.0 metadata, see "Updating SAML 2.0 Metadata in Your Identity Provider When Using the Enhanced Authentication Experience."
Resetting Passwords for Users as the Workfront Administrator
With the enhanced authentication experience, you can no longer manually reset another user's password when editing a user as a Workfront administrator. Instead, you can initiate a Forgot Password email.
NOTE Users must have a valid email address to be able to retrieve their password.
To send the Forgot Password email:
- Go to the People area, then click the People tab.
- Select the users whose passwords you want to reset.
- Click More > Send Forgot Password Email.
Resetting Your Administrator Password
- Click your profile picture in the upper-right corner of the Workfront interface, then click My Settings.
- In the My Settings dialog box, click Reset Password.
A new pop-up is displayed where you can specify your new password.
- After you confirm your new password, you should receive a confirmation email. Go to your email inbox and look for an email from "no-reply@verificationemail.com". This email might be in your spam folder.
Logging In to Workfront with the Enhanced Authentication Experience Configured
NOTE The migration affects only Production accounts. Use your existing login credentials when accessing Preview or Sandbox instances of Workfront.
The first time you log in to Workfront after your organization is upgraded to the enhanced authentication experience:
- In a web browser, go to your Workfront site.
- Use your current Workfront login credentials to log in to the Workfront site.
- When prompted, reset your password.
You can use your existing password if it complies with the new password requirements.
Using Legacy Authentication (for Organizations Not Yet Migrated to the Enhanced Authentication Experience)
If your organization has not yet been migrated to the enhanced authentication experience, you must continue to use the legacy form of authentication until your organization is migrated to the new form of authentication.
For information about how to view or modify legacy authentication settings, see "Configuring Legacy Authentication" in the article "Configuring Password Policies for Authentication."